The Australian Bureau of Statistics Tracked People By Their Mobile Device Data.

Image credit: Andrew Howe, ABS Demographer:

Remember the outrage about the ABS 2016 Census retaining real names and addresses? Maybe you thought the ABS got the message that the public seems to give more of a damn about privacy than public servants assume, and perhaps yanked themselves back into line?

Image credit: Andrew Howe, ABS Demographer:

The ABS claims population estimates have a “major data gap” and so they’ve been a busy bee figuring out a way to track crowd movement. Their solution? Mobile device user data.

“…with its near-complete coverage of the population, mobile device data is now seen as a feasible way to estimate temporary populations,” states a 2017 conference extract for a talk by ABS Demographer Andrew Howe.

While the “Estimated Resident Population” (ERP) is Australia’s official population measure, the ABS felt the pre-existing data wasn’t ‘granular’ enough. What the ABS really wanted to know was where you’re moving, hour by hour, through the CBD, educational hubs, tourist areas.

Howe’s ABS pilot study of mobile device user data creates population estimates with the help of a trial engagement with an unnamed telco company. The data includes age and sex breakdowns. The study ran between the 18th April to 1st May 2016.

Image credit: Andrew Howe, ABS Demographer:

And in what may seem like a rather glib ploy to gain the Coalition’s support for a contentious pilot study, Howe claims his research might also be useful in “mining areas.” Because who wouldn’t agree to be tracked constantly, just in case a pile of coal falls on your head?

Other reasons given for this need for constant tracking is “planning and service provision”, “funding models” and “disaster preparedness.” Although the pilot study also tracks crowd movement at sporting events, it’s not hard to imagine other spaces the government might be interested in tracking: places of worship, airports, ports, demonstrations and workplaces.

Following the rapidly increasing government tradition of disrespecting Australian citizen’s privacy rights, there’s no mention of any informed consent having been sought from customers before the un-named telco handed data over to the ABS. Also missing are any details of a privacy impact assessment.

Considering the last attempt by a government department to roll-their-own-crypto resulted in the MBS/PBS data breach of 2.5 million Australians, it’d be nice to know exactly how the ABS or telco anonymised and aggregated the data — especially since the ABS on-sells micro-data, from time to time.

Unfortunately, the slides and conference abstracts for Howe’s 2017 conference talks don’t reveal exactly how the alleged de-identification of data occurred. And strangely enough, despite the publicly-funded pilot study having taken place in 2016, there’s still no mention on the ABS website of the contentious research.

Privacy experts were alarmed at news:

“I find this tracking of people using their telephone location data without their knowledge and consent extremely concerning. The fact that the telecoms company allowed this data to be handed to a third party, and then for that third party to be a government agency compounds the breach of trust for the people whose data was involved,” said Angela Daly, Vice Chancellor’s Senior Research Fellow and Senior Lecturer in Queensland University of Technology’s Faculty of Law, research associate in the Tilburg Institute for Law, Technology and Society and Digital Rights Watch board member.

“After the Cambridge Analytica/Facebook scandal this is yet another example of why we need much tougher restrictions on what companies and the government can do with our data.”

Electronic Frontiers Australia board member Justin Warren also pointed out that while there are beneficial uses for this kind of information, “…the ABS should be treading much more carefully than it is. The ABS damaged its reputation with its bungled management of the 2016 Census, and with its failure to properly consult with civil society about its decision to retain names and addresses. Now we discover that the ABS is running secret tracking experiments on the population?”

“Even if the ABS’ motives are benign, this behaviour — making ethically dubious decisions without consulting the public it is experimenting on — continues to damage the once stellar reputation of the ABS.”

“This kind of population tracking has a dark history. During World War II, the US Census Bureau used this kind of tracking information to round up Japanese-Americans for internment. Census data was used extensively by Nazi Germany to target specific groups of people. The ABS should be acutely aware of these historical abuses, and the current tensions within society that mirror those earlier, dark days all too closely.”

“The ABS must work much harder to ensure that it is conducting itself with the broad support of the Australian populace. Sadly, it appears that the ABS increasingly considers itself above the mundane concerns of those outside its ivory tower. This arrogance must end.”

“For us to continue to trust the ABS with our most intimate details, the ABS must maintain society’s trust. Conducting experiments on citizens without seeming to care about our approval or consent undermines that trust.”

International privacy advocates also raised concerns about the study.

“Data the companies, like telcos, collect inevitably becomes very attractive to government agencies looking to track, monitor, and survey people. Like here, users are rarely informed, let alone consent to these uses. The impact on privacy rights is severe: location information (especially combined with other sensitive data) can reveal startlingly detailed information about your life (where you live, work), connections (who you talk to or visit), preferences (what you buy and when), and health (doctors and pharmacies frequented),” stated Amie Stepanovich, U.S. Policy Manager for digital rights organisation Access Now.

“These impacts — which don’t appear to be studied — all without any clear demonstration of efficacy or purpose. This is also a hugely discriminatory approach, which won’t measure areas where people are less likely to have the technologies being used, which will likely disproportionately disadvantage poor communities.”

“It is unclear why this invasive, opaque, harmful approach was chosen over others, potentially less invasive and more effective at accomplishing any goals they are looking to meet.”

Likewise, acclaimed digital rights activist and writer Cory Doctorow was unimpressed to learn of the study.

“Subjecting entire populations to experimental surveillance projects without their knowledge or consent is deeply unethical. Our location data can be used to infer sensitive personal, political, sexual, health, and ideological information. It should be treated as toxic waste, not innocuous study data. The ABS knows this, and that’s why they kept this study secret from its involuntary participants — it certainly wasn’t because they believed that Australians would be pleasantly surprised and didn’t want to ruin the big reveal.”

When asked for comment on the pilot study, the ABS responded: “Thanks for your queries. The ABS is finalising a detailed information paper on this topic, and we’ll be publishing it on our website as soon as it’s available. We’re happy to let you know once it’s online.”

Questions the ABS didn’t answer included:

  • Which telco was involved in the study?
  • If a Privacy Impact Assessment was undertaken?
  • If informed consent was sought from telco customers?
  • The method of aggregation and anonymisation of the data?
  • If the project is ongoing?
  • Which demographics are currently included if the study is ongoing?
  • If any micro-data from the pilot study has been on-sold by the ABS?
  • Why information about the 2016 study wasn’t made available on the ABS website?

Copies of the slides can be accessed at:




Cryptoparty founder. Amnesty Australia 'Humanitarian Media Award' recipient 2014.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

What is a DDoS attack? Google Cloud’s Zombie Apocalypse risk mitigation and protection mechanism

MAIN token has been launched on Ethereum network!

COVID-19 and Cyber Security

I can identify you with a dot on a piece of paper

A way to detect the rootkits and exploits in CentOS/RHEL

Kong and Wallarm Partner Up to Boost Microservices API Security


New Edison Mail+ Adds More Protection From Today’s Email Phishing Epidemic

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Asher Wolf

Asher Wolf

Cryptoparty founder. Amnesty Australia 'Humanitarian Media Award' recipient 2014.

More from Medium

Notes on Engineering Health, February 2022


View from the arXiv: Feb 21 — Feb 25 2022